Dear Maksym,
in order to help you, I tried to mimic your configuration:
- nginx running in a docker container (listening on port 1000)
- nsd s1.com running in a docker container (listening on port 8081)
- nsd s2.com running on the docker host (listening on port 8082, no
container involved)
- s1 and s2 have info.tcl installed
On the docker host, I made the following tests:
1) request to s1.com via containerized nginx
2) request to s2.com via containerized nginx
3) direct request to s2.com
All requests are made via curl.
To me, everything looks ok. I still do not understand what you see as a
problem.
When you make a request to nginx with a host name that is neither s1.com nor
s2.com, the first entry is chosen, and the request goes to s1.com. This is
nginx behavior.
all the best
-g
######################## case 1 ########################
% curl -H "Host: s1.com" http://localhost:1000/info.tcl
Host: s1.com
X-Real-IP: 192.168.65.1
X-Forwarded-For: 192.168.65.1
X-Forwarded-Proto: http
X-Name: s1.com
Connection: close
User-Agent: curl/8.6.0
Accept: */*

ns_conn host: s1.com
######################## case 2 ########################
% curl -H "Host: s2.com" http://localhost:1000/info.tcl
Host: s2.com
X-Real-IP: 192.168.65.1
X-Forwarded-For: 192.168.65.1
X-Forwarded-Proto: http
X-Name: s2.com
Connection: close
User-Agent: curl/8.6.0
Accept: */*

ns_conn host: s2.com
######################## case 3 ########################
% curl -H "Host: s2.com" http://localhost:8082/info.tcl
Host: s2.com
User-Agent: curl/8.6.0
Accept: */*

ns_conn host: s2.com
info.tcl:
###########################################################
ns_return 200 text/plain [subst [ns_trim -delimiter | {
    |[join [lmap {key value} [ns_set array [ns_conn headers]] {set _ "$key: $value\n"}] ""]
    |
    |ns_conn host: [ns_conn host]
}]]
###########################################################
nginx configuration:
###########################################################
server {
    listen 80;
    server_name s1.com;
    location / {
        proxy_pass http://nsd:8081/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Name s1.com;
    }
}
server {
    listen 80;
    server_name s2.com;
    location / {
        proxy_pass http://host.docker.internal:8082/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Name s2.com;
    }
}
###########################################################
docker-compose.yaml
###########################################################
version: '3'
services:
  nginx:
    image: nginx:alpine
    ports:
      - 1000:80
    volumes:
      - /opt/docker/nginx/conf.d:/etc/nginx/conf.d
    depends_on:
      - nsd
  nsd:
    image: gustafn/naviserver:latest-alpine
    container_name: nsd
    restart: unless-stopped
    command: /usr/local/ns/bin/nsd -f -t /usr/local/ns/conf/nsd-config.tcl -u nsadmin -g nsadmin
    ports:
      - 8081:8081
    environment:
      - TZ=${TZ:-Europe/Vienna}
      - nsd_httpport=8081
      - nsd_httpsport=
###########################################################
On 05.03.24 20:25, Maksym Zinchenko wrote:
Hello, no, right now I have a single nsd with many subdomain clients,
without docker.
For example: sub1.domain.com, sub2.domain.com etc. What I want is to move
each one of these subdomains to a separate docker container. But I need to
move them one by one, because I am still testing my application on docker,
so I want to move for example sub1 today and test it, next time sub2 and
test it, and so on.
While I'm working on one subdomain I still want to serve the other subdomains.
So my idea was to move the host's nsd to other ports, 8080 and 8443, and
install an nginx reverse proxy, so I can redirect some subdomains to the
host's nsd and some to the dockerized nsd.
Thank you
On Tue, 5 Mar 2024, 18:08 Gustaf Neumann (sslmail), <neum...@wu.ac.at>
wrote:
Hi Maksym,
if I understand correctly, you are sending from the docker host
requests to a single dockerized nginx instance, that forwards
these requests to a single dockerized nsd backend instance. The
nginx instance distinguishes the incoming requests to the same
port based on the host header field. And the same should happen as
well on the backend (nsd).
Is this a correct understanding of your setup?
This is somewhat unusual, since typically one uses nginx to
forward requests to multiple backend instances. So I am not sure,
why you are doing this. I am not an nginx expert, but my suspicion
is that one does not need 2 nginx “server” definitions for this.
The problem that you are seeing is that on the backend, you see
always the same host header field, which is used for virtual
hosting. Correct?
Maybe install for your backend servers the following script e.g.
under the name “info.tcl” and show the result of “curl -H ….”
requests, and what you are expecting.
all the best
-g
ns_return 200 text/plain [subst [ns_trim -delimiter | {
    |[join [lmap {key value} [ns_set array [ns_conn headers]] {set _ "$key: $value\n"}] ""]
    |
    |ns_conn host: [ns_conn host]
    |ns_conn peer: [ns_conn peeraddr]
    |ns_conn peer -source configured: [ns_conn peeraddr -source configured]
    |ns_conn peer -source direct: [ns_conn peeraddr -source direct]
    |ns_conn peer -source forwarded: [ns_conn peeraddr -source forwarded]
}]]
On 04.03.2024, at 11:45, Maksym Zinchenko <siqsu...@gmail.com> wrote:
I have a Naviserver with a couple of virtual web servers
listening on a single ip:port. I want to move all those virtual
servers to Docker containers gradually. So I'm trying to install
Nginx Reverse Proxy on my Docker container and configure it to
redirect requests to my host Naviserver.
I've changed my Naviserver config to listen to 8080 and 8443
ports on docker host gateway IP:
/opt/ns/bin/nsd -w -u nsadmin -t /opt/ns/conf/dz_nsd.tcl -b 172.17.0.1:8080,172.17.0.1:8443
In my Nginx config I have 2 listeners one for dev and dummy1
subdomains:
server {
    listen 80;
    server_name dev.daidze.org;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://172.17.0.1:8080/;
    }
}
server {
    listen 443 ssl;
    server_name dev.daidze.org;
    ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
    ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://172.17.0.1:8443/;
    }
}
server {
    listen 80;
    server_name dummy1.daidze.org;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://172.17.0.1:8080/;
    }
}
server {
    listen 443 ssl;
    server_name dummy1.daidze.org;
    ssl_certificate /opt/ns/modules/nsssl/fullchain.pem;
    ssl_certificate_key /opt/ns/modules/nsssl/privkey.pem;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://172.17.0.1:8443/;
    }
}
I'm using proxy_set_header Host $http_host; to redirect the
headers real Host parameter to my host Naviserver installation,
but I'm getting response only from the dev Virtual server. It
doesn't matter what url I request dev.daidze.org or
dummy1.daidze.org. Here an example of request to
https://dummy1.daidze.org/ :
dev server
X-Real-IP: 172.64.238.37
X-Forwarded-For: 165.90.99.154, 172.64.238.37
Host: dummy1.daidze.org
X-Forwarded-Proto: https
Connection: close
accept-encoding: gzip, br
CF-RAY: 85f13d442cd66671-MAD
CF-Visitor: {"scheme":"https"}
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
sec-gpc: 1
pragma: no-cache
cache-control: no-cache
CF-Connecting-IP: 165.90.99.154
CDN-Loop: cloudflare
CF-IPCountry: CV
What am I doing wrong? According to Naviserver docs redirection
is done based on the content of the /host/ header field. Right?
So this should work.
Thank you,
Maksym
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
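
The curl checks from the thread can be scripted so that a request answered by the wrong nginx server block (for example a Host name that matches no server_name and falls through to the first entry) is flagged. This is an added example, not code from the thread or from the NaviServer project; the function names, exit codes and sample responses are constructed, and it assumes the X-Name marker header from the nginx configuration above.

```shell
#!/bin/sh
# Added example: verify info.tcl output for one requested virtual host.

# Print the value of the first "<name>: value" line read from stdin.
field() {
    awk -v n="$1" '
        BEGIN { n = tolower(n) ": " }
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
        tolower(substr($0, 1, length(n))) == n { print substr($0, length(n) + 1); exit }'
}

# check_vhost EXPECTED_HOST   (info.tcl output on stdin)
# Exit codes (constructed for this example): 0 routed as requested,
# 1 answered by another nginx server block, 2 backend saw another host,
# 3 expected lines missing.
check_vhost() {
    want=$1
    body=$(cat)
    fwd=$(printf '%s\n' "$body" | field "Host")
    name=$(printf '%s\n' "$body" | field "X-Name")
    seen=$(printf '%s\n' "$body" | field "ns_conn host")
    if [ -z "$fwd" ] || [ -z "$seen" ]; then
        echo "$want: incomplete info.tcl output" >&2; return 3
    fi
    # X-Name exists only when the request passed through nginx (cases 1 and 2).
    if [ -n "$name" ] && [ "$name" != "$want" ]; then
        echo "$want: answered by nginx server block '$name'" >&2; return 1
    fi
    if [ "$fwd" != "$want" ] || [ "$seen" != "$want" ]; then
        echo "$want: backend saw Host='$fwd', ns_conn host='$seen'" >&2; return 2
    fi
    echo "$want: ok"
}

# Constructed samples in the output format shown in the thread.
SAMPLE_OK='Host: s2.com
X-Forwarded-For: 192.168.65.1
X-Name: s2.com

ns_conn host: s2.com'
# Constructed: Host matches no server_name, so the first server block answers.
SAMPLE_FALLTHROUGH='Host: other.example
X-Forwarded-For: 192.168.65.1
X-Name: s1.com

ns_conn host: other.example'

# Live use (assumes the compose setup from the thread is running):
#   curl -s -H "Host: s2.com" http://localhost:1000/info.tcl | check_vhost s2.com
```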